← Back to Skills Marketplace
zengjwmail

Rrbdagent

by zengjwmail · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
235
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install rrbdagent
Description
OpenClaw skill for RRBD Admin项目。当用户需要通过自然语言对话执行API调用、自动化操作或系统任务时调用。
Usage Guidance
This skill appears to implement the RRBD Admin video/avatar automation it advertises, but take these precautions before installing or running it: - Do not run it with your real account/password. The skill prompts for credentials and will save them in config.json in plaintext. Use a throwaway/test account if you want to try it. - Remove or inspect any hard-coded credentials in scripts (several files call login('18098901246','123456')). - Review package.json and run npm install in a controlled sandbox (container or VM). The package contains executable JS — review code paths that perform network calls before executing. - Prefer authorization via short-lived tokens or environment-injected secrets rather than storing passwords in files. If you must store anything, use encrypted storage and clear consent to the user. - Note the documentation/implementation mismatch (Python vs Node); confirm which runtime you will actually execute and adjust your environment accordingly. If you want, I can: (a) point out exact lines/files where credentials are hard-coded, (b) extract the list of network endpoints used, or (c) suggest a minimal safe test procedure (sandbox commands) to evaluate the skill offline.
Capability Analysis
Type: OpenClaw Skill Name: rrbdagent Version: 1.0.1 The skill bundle is an automation agent for the RRBD Admin video generation platform. It is classified as suspicious due to poor security practices that create significant vulnerabilities, specifically prompting for and storing user credentials (mobile and password) in plain text within 'config.json' (api_client.js). Furthermore, numerous scripts (e.g., 'check_now.js', 'create_video_laozeng_shuai.js', and 'index.js') contain hardcoded credentials for a specific test account (18098901246). While these behaviors are aligned with the stated purpose of API automation and testing, the handling of sensitive authentication data is insecure and poses a high risk of credential theft.
Capability Assessment
Purpose & Capability
The skill name/description (RRBD Admin, digital-person and video management) aligns with the included code and API endpoints (base_url https://rrbd20.yzidea.net/api and related /digital/* endpoints). The bundled JS scripts implement login, list, create-video, status-check flows consistent with the stated functionality.
Instruction Scope
SKILL.md and the code explicitly prompt for user phone/password and automatically save them to a local config file; runtime instructions and code read/write config.json and memory.json. Several helper scripts contain hard-coded credentials used for automatic login. The skill will perform network calls to the provided backend and persist user-provided secrets locally — behavior that goes beyond a read-only assistant and involves storing and transmitting sensitive data.
Install Mechanism
There is no install spec (instruction-only in metadata) but the package contains many executable JS files, package.json, and package-lock.json — so to run it a user will likely run npm install and execute scripts. No remote downloads or obscure URLs were observed in the provided files. The mismatch between SKILL.md describing Python scripts and the actual repo being mostly Node.js is an inconsistency.
Credentials
The skill requests no declared environment variables, but it does require user account credentials (phone/password) and saves them in config.json in plaintext. That persistent storage of secrets is disproportionate without stronger protections (encryption, use of ephemeral tokens, or using environment-secret injection). Multiple files also include hard-coded test credentials, which is risky and unnecessary for normal operation.
Persistence & Privilege
always:false and no special OS privileges requested. The skill writes only to its own files (config.json, memory.json) and does not attempt to change other skills or system-wide settings. Persisting its own memory/config is expected behavior for this kind of utility.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install rrbdagent
  3. After installation, invoke the skill by name or use /rrbdagent
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added multiple new video creation scripts for different templates and variants. - Introduced several scripts for listing videos, including Python and JavaScript implementations. - Updated SKILL.md with instructions for saving user credentials at first use, and removed default credentials from config. - Enhanced config.json with adjustments to login settings. - Expanded and improved scripts to support additional video creation and listing operations.
v1.0.0
Initial release of rrbdagent, an OpenClaw skill for the RRBD Admin project: - Enables natural language interaction with the RRBD Admin backend API, focusing on digital avatar (数字人形象) management. - Supports multi-turn conversation, context retention, intelligent intent recognition, and authentication flows. - Provides automation scripts and testing tools for login, digital avatar listing, and video creation, using Python scripts and configuration files. - Allows real API execution (not mock data), managing real user tasks such as login, avatar management, video creation, AI services, and financial actions. - Includes security practices for API key management, input validation, and tenant isolation. - Offers configurable endpoints, default credentials, and detailed usage instructions for both natural language and script-based operation.
Metadata
Slug rrbdagent
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Rrbdagent?

OpenClaw skill for RRBD Admin项目。当用户需要通过自然语言对话执行API调用、自动化操作或系统任务时调用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 235 downloads so far.

How do I install Rrbdagent?

Run "/install rrbdagent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Rrbdagent free?

Yes, Rrbdagent is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Rrbdagent support?

Rrbdagent is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Rrbdagent?

It is built and maintained by zengjwmail (@zengjwmail); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments